A FEW YEARS AGO, a small business hit with ransomware experienced something all companies dread—an attack that targeted its backups. At first, the company didn’t think much of it, assuming that its data was protected. The company’s small IT staff started the recovery process, reloading all the tapes, and then went home to get a few hours of rest.
But they miscalculated the tenacity and ingenuity of today’s hackers. In fact, the perpetrators were still in the system during the tape reloading process. Through malware they had previously installed, the bad actors were able to delete the contents of all of the tapes, largely because the IT staff was so exhausted they had missed flipping the “write protect” tab on the tapes. As a result, the situation went from what could have been a recoverable event to one where the company was forced to pay the ransom.
All this happened during the time the company was in contract negotiations with Alvaka Networks, an Irvine, Calif.-based MSP specializing in backup, disaster recovery, and ransomware recovery. In fact, this incident sealed the deal for the company, and its executives immediately signed the paperwork for all three services.
What happened to this small business isn’t uncommon. As many as 88% of SMBs experienced at least one ransomware attack in the last year, making them much more vulnerable than larger enterprises. What’s more, 46% of ransomware victims that paid the ransom were attacked again. But that’s only part of the problem; many small businesses can’t survive for long if they are attacked. In fact, less than half of SMBs would survive for three days after an attack, and 28% would survive for only seven days.
Today, backups are prime targets for bad actors who have created increasingly sophisticated methods of attacking the backup administration console and changing backup jobs or retention policies. After getting inside, it’s just a matter of finding and deleting directories or inserting a virus into a backup. When a company attempts to restore its environment from a backup, it unintentionally restores the virus into its production environment, which causes it to detonate. As a result, companies end up either losing weeks or months of data or paying a ransom.
It doesn’t help that organizations often don’t have effective backup technology or processes, says Oli Thordarson, CEO of Alvaka Networks. For example, it’s not uncommon for companies to use the same credential for managing backups as they do for managing the rest of the IT infrastructure—definitely not a best practice.
As a result, many businesses need to rethink their backup practices, but because data storage and backup are intrinsically linked, those practices also affect storage. While data backup focuses on keeping data secure, that data resides in some type of data storage repository. That’s a large part of the reason why storage vendors also have begun adding ransomware detection into their storage systems and including workflows that use storage snapshots to recover from ransomware before it gets to the point of backup.
Chad Kempt, CEO and owner of Fast Computers, a Canadian service-based MSP, recalls a company that became a customer after experiencing what he referred to as a horrible situation.
“They were storing their data on a NAS [network-attached storage] device and didn’t have any backups other than some PCs with USB backups of select data,” Kempt explains. “When disaster hit, their data was encrypted across the entire network extremely quickly, taking down their entire business, line-of-business applications, and important documents. They had to try to quickly figure out where their data was, restore it, and reinstall their programs to get business operating again.”
Since then, the company has become a client of Fast Computers and moved forward with a security plan to protect endpoints.
These types of issues create a lot of opportunities for MSPs to assess the environment, pinpoint the biggest weaknesses, and address them with modern backup/recovery and storage systems and processes.
The biggest tool MSPs have in their arsenal is knowledge. For example, while many SMBs believe they are too small to be a ransomware target, it’s up to MSPs to dispel that myth.
“SMBs might be too small of a target for some attacks, but on the other hand, they are more likely to be selected randomly and hit by a bot—and bots don’t discriminate,” Thordarson says.
Images
Related News
